Abstract

Microservice architecture is used in developing enterprise-level applications with the intent to modularise deployment of the application; this happens by creating an application as a collection of various smaller applications known as microservices. An information system is one such application that is ever-growing and therefore needs an architectural solution that addresses this issue. Microservice architecture addresses it by giving low coupling among microservices, future scalability of the system, and convenience in developing, deploying, and integrating new microservices. For all its benefits, microservice architecture complicates the consistent implementation of security policies in this distributed system. Current industry standards are to use protocols that delegate the process of authentication and authorization to a third-party server, e.g. OAuth. Delegating these processes to a third party is not suitable for some web applications that are deployed in a less resourceful environment, e.g. an organization with high internet downtime, or an organization with high traffic of non-working personnel, e.g. people giving exams in college or attending workshops being held. This paper aims to research proposed solutions, existing frameworks, and technologies to implement security policies in an information system that can be suitable for the above two scenarios. For this, we use authentication, role-based access control (RBAC) on every request, and fine-grained access control (FGAC) at the implementation method level, to achieve greater access control and the flexibility of adding a new microservice without changing the whole security policy. We have also proposed a pre-registration condition in our system, which allows only certain people, whose data is already present in the system, to register themselves with the application. We also discuss the scenario where using a protocol like OAuth is not suitable.
The solution is based on creating a central single entry point for authentication and implementing an RBAC policy that filters every request based on the access roles the requesting user has. We further use FGAC at the method level in microservices to enforce even finer restrictions on the resources to be accessed, based on requirements. This solution will be implemented as a part of the Department Information System (DIS) in the following two steps:

Highlights

  • Microservices are the need of the hour for developing enterprise-level applications

  • Overall components in the Department Information System (DIS) are shown in a block diagram below: the resource request flow is designed by implementing role-based access control (RBAC) using Spring Security

  • Spring Security provides a way to configure a central gateway for authentication and role-based access control in an ever-growing and complex web application
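As an added illustration of the solution described in the abstract and highlights (not code from the paper or the DIS project), the following Spring Security 6 sketch puts the three pieces together: the central entry point applying RBAC to every request, the pre-registration condition, and a method-level FGAC rule inside one microservice. The endpoint paths, role names, roll numbers and class names are assumptions.

```java
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Service;
// Single entry point: every request is authenticated here and coarse RBAC is applied to
// the URL path before it is forwarded to any microservice (hypothetical paths and roles).
@Configuration
@EnableMethodSecurity // turns on @PreAuthorize for the method-level FGAC below
public class DisSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/register").permitAll() // open; pre-registration guards it
                .requestMatchers("/api/admin/**").hasRole("ADMIN")
                .requestMatchers("/api/faculty/**").hasAnyRole("FACULTY", "ADMIN")
                .requestMatchers("/api/students/**").hasAnyRole("STUDENT", "FACULTY", "ADMIN")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

// Pre-registration condition: only identities already present in the department data may
// create an account. The set is a constructed sample; a real DIS would load its records.
@Service
class RegistrationService {
    private final Set<String> preRegistered = Set.of("2021CS001", "2021CS002");
    public boolean register(String rollNo, String password) {
        if (!preRegistered.contains(rollNo)) return false; // unknown person: refused
        return true; // hypothetical: hash the password and persist the account
    }
}

// Method-level FGAC inside a microservice: the gateway only checked the role; this rule
// additionally ties the record to the authenticated principal.
@Service
class StudentRecordService {
    // A student may read only their own record; faculty and admin may read any.
    @PreAuthorize("hasAnyRole('FACULTY','ADMIN') or #rollNo == authentication.name")
    public String getRecord(String rollNo) { return "record:" + rollNo; } // hypothetical lookup
    // Marks are written only by faculty; a STUDENT who passed the gateway still fails here.
    @PreAuthorize("hasRole('FACULTY')")
    public void updateMarks(String rollNo, int marks) { /* hypothetical persist */ }
}
```

The `#rollNo` reference in the SpEL rule needs method parameter names retained at compile time (`-parameters`), which Spring Boot's Maven and Gradle plugins enable by default.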


Summary

Introduction

Microservices are the need of the hour for developing enterprise-level applications. Businesses want ever-scaling applications that are easy to develop, test, integrate, and deploy while allowing millions of users to access them from different frontends, i.e. mobile, computer systems, etc. Applications based on monolithic architecture are painful in incremental development and release environments like agile, but are great for developing policies for entire applications, like security policies. Since most of the development community is moving towards microservice architecture, the system, logically a single entity, is becoming more and more distributed. As a result, maintaining a single global policy is more difficult and increases code duplication. To ensure scalability of web applications and integration of new microservices with the security protocols currently implemented, we need a robust way that can help us with authentication, authorization, and access control.
